gs101-sepolicy: Add twoshay permissions
Add twoshay and touch input context library permissions
Bug: 173330899
Bug: 173330981
Test: check boot-time twoshay startup and no denials.
Signed-off-by: Steve Pfetsch <spfetsch@google.com>
Change-Id: I68aace66f49c2af1ebfd4bde7082039f9caf3f64
Signed-off-by: Tai Kuo <taikuo@google.com>
diff --git a/whitechapel/vendor/google/device.te b/whitechapel/vendor/google/device.te
index 375c91c..9287dd1 100644
--- a/whitechapel/vendor/google/device.te
+++ b/whitechapel/vendor/google/device.te
@@ -30,6 +30,9 @@
# Bt Wifi Coexistence device
type wb_coexistence_dev, dev_type;
+# Touch
+type touch_offload_device, dev_type;
+
# LWIS (Lightweight Imaging Subsystem) devices, used by Lyric camera HAL
type lwis_device, dev_type;
diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts
index 68bcf67..d257d29 100644
--- a/whitechapel/vendor/google/file_contexts
+++ b/whitechapel/vendor/google/file_contexts
@@ -363,6 +363,10 @@
/vendor/lib(64)?/hw/gralloc\.gs101\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/hw/vulkan\.gs101\.so u:object_r:same_process_hal_file:s0
+# Touch
+/dev/touch_offload u:object_r:touch_offload_device:s0
+/vendor/bin/twoshay u:object_r:twoshay_exec:s0
+
# Fingerprint
/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.goodix u:object_r:hal_fingerprint_default_exec:s0
/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.fpc u:object_r:hal_fingerprint_default_exec:s0
diff --git a/whitechapel/vendor/google/twoshay.te b/whitechapel/vendor/google/twoshay.te
new file mode 100644
index 0000000..139294d
--- /dev/null
+++ b/whitechapel/vendor/google/twoshay.te
@@ -0,0 +1,8 @@
+type twoshay, domain;
+type twoshay_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(twoshay)
+
+allow twoshay touch_offload_device:chr_file rw_file_perms;
+allow twoshay twoshay:capability sys_nice;
+
